On 2017-06-17, Paul Suh <pl...@goodeast.com> wrote: > Folks,=20 > > My understanding of the way that this is done is by returning a CNAME = > when the ISP's DNS recursive DNS server would otherwise return a = > NXDOMAIN result, followed by a HTTP 302 when the browser attempts to = > reach the host via the bogus CNAME.=20 > > My question is would running my own internal recursive DNS resolver be = > sufficient to stop this from happening? (I run my own DNS server anyway, = > but I'm curious to see whether it would be sufficient to bypass the = > search page redirection stupidity.)=20
Usually that's enough, but it depends how evil the ISP is.